我有一个使用非自签名证书的node.js https服务器。 我相信他们来自godaddy,但不确定。 我的雇主只向我提供了密钥和证书文件。
服务器:
var fs = require('fs') , server = require('https').createServer({ key: fs.readFileSync( __dirname + "/key.pem" ), cert: fs.readFileSync(__dirname + "/cert.pem" ) }) , WebSocketServer = require('ws').Server , webSocketServer = new WebSocketServer({ server: server, }) , port = 8080; server.listen(port, function(){ console.log('Listening on ' + server.address().port) });客户:
var webSocket = new WebSocket('wss://my.website.com:8080');此代码在桌面chrome,safari和firefox上按预期工作。 客户端能够连接到安全websocket。 但是,在iOS 9.3.1 Safari上尝试它会给我以下错误:
The operation couldn't be completed.(OSStatus error -9807.)
OSStatus告诉我,这是由无效的证书链引起的。 不幸的是,这里我的SSL知识开始消失。 经过一些额外的谷歌搜索后,我尝试了https.createServer()接受的以下选项的多种组合:
secureProtocol: "SSLv3_method", rejectUnauthorized: false, ciphers: 'ECDHE-RSA-AES256-SHA:AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM', honorCipherOrder: true, requestCert: false到目前为止,他们都没有工作过。 我也看过ca选项(证书颁发机构)但不仅我不知道在哪里找到这个文件,所有在线示例都表明这只用于自签名证书?
非常感谢任何帮助,谢谢!
I have a node.js https server using non-self-signed certificates. I believe they are from godaddy, not sure though. My employer only provided me with key and cert files.
Server:
var fs = require('fs') , server = require('https').createServer({ key: fs.readFileSync( __dirname + "/key.pem" ), cert: fs.readFileSync(__dirname + "/cert.pem" ) }) , WebSocketServer = require('ws').Server , webSocketServer = new WebSocketServer({ server: server, }) , port = 8080; server.listen(port, function(){ console.log('Listening on ' + server.address().port) });Client:
var webSocket = new WebSocket('wss://my.website.com:8080');This code works as expected on desktop chrome, safari, and firefox. The client is able to connect to the the secure websocket. However, trying it on iOS 9.3.1 Safari gives me the following error:
The operation couldn't be completed.(OSStatus error -9807.)
OSStatus showed me that this is caused by an invalid certificate chain. Unfortunately, here is where my knowledge of SSL begins to fade. After some additional googling, I tried multiple combinations of the following options accepted by https.createServer():
secureProtocol: "SSLv3_method", rejectUnauthorized: false, ciphers: 'ECDHE-RSA-AES256-SHA:AES256-SHA:RC4-SHA:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM', honorCipherOrder: true, requestCert: falseNone of them have worked thus far. I have also seen the ca option (certificate authority) but not only do I not know where I would find this file, all examples online suggest that this is only used with self-signed certs?
Any help is greatly appreciated, thanks!
最满意答案
不知何故将nginx放在节点app前面似乎解决了这个问题。 我能够很快地完成以下配置(取自本教程 ):
server { listen 443; server_name *.website.com; ssl on; ssl_certificate /etc/ssl/cert.pem; ssl_certificate_key /etc/ssl/key.pem; location / { proxy_pass https://pr.iv.ate.ip:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }仍然是一个很大的\ _(ツ)_ /¯为什么它不能仅与节点一起工作,但是我对ssl(有时候服务器配置)的了解仍然有些局限。
Somehow putting nginx in front of the node app seemed to fix the issue. I was able to get the following configuration working pretty quickly (taken from this tutorial):
server { listen 443; server_name *.website.com; ssl on; ssl_certificate /etc/ssl/cert.pem; ssl_certificate_key /etc/ssl/key.pem; location / { proxy_pass https://pr.iv.ate.ip:8080; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } }Still a big ¯\_(ツ)_/¯ as to why it doesn't work with just node, but then again my knowledge of ssl (and sometimes server configuration in general) is still somewhat limited.
更多推荐
发布评论